A method, apparatus, and article of manufacture for maintaining policy compliance on a computer network is provided. The method provides the steps of electronically monitoring network user compliance with a network security policy stored in a database, electronically evaluating network security policy compliance based on network user compliance, and electronically undertaking a network policy compliance action in response to network security policy compliance.
NETWORK POLICY MANAGEMENT AND EFFECTIVENESS SYSTEM

BACKGROUND

1. Field of the Invention

This invention relates in general to networked computing systems, and more particularly, to a system for maintaining network security policy compliance.

2. Description of Related Art

The Internet and computer networks allow organizations to store applications and information on central servers, waiting to be called up and manipulated from any location. Networks allow people greater access to files and other confidential information. Global networks, including the Internet, and remote access increase the vulnerability of corporate data and increase the risk of information leaks, unauthorized document access and disclosure of confidential information, fraud, and loss of privacy.

Employees are the greatest threat to an organization's information security. Employees with access to information resources, including email, the Internet, and on-line networks, significantly increase the security risks.

Employees are using email for personal purposes, creating questions of appropriate use of company resources, workplace productivity, and appropriateness of message content. One of the greatest sources of information leaks is employee-sent email. With electronic communication and networks, an electronic paper trail is harder to establish: with no record of who accessed, altered, tampered with, reviewed, or copied a file, it can be very difficult to determine a document's authenticity and to provide an audit and paper trail. In addition, there is no automated system to centrally collect, analyze, measure, index, organize, and track information, determine authorized and unauthorized file access and disclosure, link hard copy information with electronic files including email, and report on how information flows in and out of an organization.

Setting proper use and security policies is a method of creating order and setting standards for network use. Policies are ineffective unless users understand and comply with them. Unfortunately, most organizations do not have tangible proof of when, and if, a network-based policy violation has occurred until long after the damage has been done. Due to the technical nature of network policy violations, policy enforcement officers may not have adequate knowledge, skill, and evidence to properly execute a policy violation claim. Cases of selective policy enforcement can occur if policy violations are not consistently reported, filed, investigated, and resolved.

Employees often view e-mail as equivalent to a private conversation. This view often does not reflect the official position of the organization. These communications reflect preliminary thoughts or ideas that have not been reviewed by the organization and typically reflect only the personal opinion of the parties involved. Yet, since employees of the organization create these communications, courts and regulatory agencies have concluded that employee communications can reflect the organization's view. There is a further need for network communications software programs that offer robust policy compliance assistance, policy effectiveness monitoring, and reporting.

There is a need for an automated system to assist policy enforcement officers with proper policy enforcement procedure, and for methods to measure policy effectiveness, appropriateness, user system activity, and compliance.

SUMMARY OF THE INVENTION

To overcome the limitations in the prior art described above, and to overcome other limitations that will become apparent upon reading and understanding the present specification, the present invention discloses a method and apparatus for maintaining policy compliance on a computer network. A system in accordance with the principles of the invention performs the steps of electronically monitoring network user compliance with a network security policy stored in a database, electronically evaluating network security policy compliance based on network user compliance, and electronically undertaking a network policy compliance action in response to network security policy compliance. The network policy compliance actions may include electronically implementing a different network security policy selected from network security policies stored in the database, generating policy effectiveness reports, and providing a retraining module to network users.

One preferred embodiment of the present invention includes notifying a network user and a policy administrator, providing a retraining module to the network user, and restricting the network user's network access rights in response to monitoring network user compliance.

These and various other advantages and features of novelty which characterize the invention and various preferred embodiments are pointed out with particularity in the claims which are annexed hereto and which form a part hereof. However, for a better understanding of the invention, its advantages, and the objects obtained by its use, reference should be made to the drawings which form a further part hereof, and to the accompanying descriptive matter, in which there are illustrated and described specific examples of apparatus in accordance with preferred embodiments of the invention.



BRIEF DESCRIPTION OF THE DRAWINGS

Referring now to the drawings in which like reference numbers represent corresponding parts throughout:

FIG. 1 is a block diagram illustrating a policy effectiveness system according to an embodiment of this invention;

FIG. 2 is a block diagram illustrating the steps performed by the policy training module according to an embodiment of this invention;

FIGS. 3A-3C are block diagrams further illustrating the steps performed by a policy training module according to an embodiment of this invention;

FIG. 4 is a block diagram further illustrating the steps performed by a policy training module in administering a policy training exam;

FIG. 5 is a block diagram further illustrating the operation of a policy effectiveness system according to an embodiment of this invention;

FIG. 6 is a block diagram illustrating the steps performed by a policy compliance and reporting module according to an embodiment of this invention;

FIG. 7 is a block diagram further illustrating the steps performed by a policy compliance and reporting module according to an embodiment of this invention;

FIG. 8 is a block diagram illustrating the appeal process performed by a policy compliance and reporting module according to an embodiment of this invention;

FIG. 9 is a block diagram further illustrating a policy effectiveness system according to an embodiment of this invention;

Figure 10 is an exemplary screen display illustrating the opening screen for policy training according to an embodiment of the invention;

Figure 11 is an exemplary screen display illustrating the terms of the software licensing agreement according to an embodiment of the invention;

Figure 12 is an exemplary screen display illustrating the terms of the continuation of the software licensing agreement according to an embodiment of the invention;

Figures 13 and 14 are exemplary screen displays illustrating the terms of the privacy agreement according to an embodiment of the invention;

Figure 15 is an exemplary screen display illustrating choosing a screen identity according to an embodiment of the invention;

Figure 16 is an exemplary screen display illustrating assigning the user a session number according to an embodiment of the invention;

Figure 17 is an exemplary screen display illustrating the introduction to the virtual facilitator according to an embodiment of the invention;

Figure 18 is an exemplary screen display illustrating the suggested policy according to an embodiment of the invention;

Figure 19 is an exemplary screen display illustrating the network user discussion options according to an embodiment of the invention;

Figure 20 is an exemplary screen display illustrating group policy discussions according to an embodiment of the invention;

Figure 21 is an exemplary screen display illustrating policy writing according to an embodiment of the invention;

Figure 22 is an exemplary screen display illustrating the network user discussion options according to an embodiment of the invention;

Figure 23 is an exemplary screen display illustrating the policy consensus according to an embodiment of the invention;

Figure 24 is an exemplary screen display illustrating the policy training options according to an embodiment of the invention;

Figure 25 is an exemplary screen display illustrating the policy exam according to an embodiment of the invention;

Figure 26 is an exemplary screen display illustrating a training feedback and evaluation form according to an embodiment of the invention;

Figure 27 is an exemplary screen display illustrating an Appropriate Use Agreement/Employee Agreement form according to an embodiment of the invention;

Figure 28 is an exemplary screen display illustrating an Appropriate Use Agreement/Employee Agreement form according to an embodiment of the invention;

Figure 29 is an exemplary screen display illustrating the end of the training according to an embodiment of the invention;

Figure 30 is an exemplary screen display illustrating the policy compliance and reporting according to an embodiment of the invention;

Figure 31 is an exemplary screen display illustrating the User Profile according to an embodiment of the invention;

Figure 32 is an exemplary screen display illustrating Email Compliance according to an embodiment of the invention;

Figure 33 is an exemplary screen display illustrating Document Management according to an embodiment of the invention;

Figure 34 is an exemplary screen display illustrating Software Compliance according to an embodiment of the invention;

Figure 35 is an exemplary screen display illustrating the audit function according to an embodiment of the invention;

Figure 36 is an exemplary screen display illustrating Network Non-Compliance Notice according to an embodiment of the invention;

WO 99/67931 PCT/US99/13998

Figure 37 is an exemplary screen display illustrating a Network Compliance Action Notice according to an embodiment of the invention;

Figure 38 is an exemplary screen display illustrating a policy compliance violation report according to an embodiment of the invention;

Figure 39 is an exemplary screen display illustrating a network policy action notice according to an embodiment of the invention;

Figure 40 is an exemplary screen display illustrating a policy knowledge query according to an embodiment of the invention;

Figure 41 is an exemplary screen display illustrating a policy compliance violation report according to an embodiment of the invention;

Figure 42 is an exemplary screen display illustrating a policy compliance violation code and report according to an embodiment of the invention;

Figure 43 is an exemplary screen display illustrating a System Violation Notice Email and Snail Mail Notice according to an embodiment of the invention;

Figure 44 is an exemplary screen display illustrating a Subsequent Action Report according to an embodiment of the invention;

Figure 45 is an exemplary screen display illustrating The Appeal Process according to an embodiment of the invention;

Figure 46 is an exemplary screen display illustrating policy effectiveness reports according to an embodiment of the invention;

Figure 47 is an exemplary screen display illustrating policy effectiveness reports according to an embodiment of the invention;

Figure 48 is an exemplary screen display illustrating a policy effectiveness action according to an embodiment of the invention; and

Figure 49 is an exemplary screen display illustrating policy resources according to an embodiment of the invention.



DETAILED DESCRIPTION OF THE INVENTION

In the following description of the exemplary embodiments, reference is made to the accompanying drawings that form a part hereof, and in which is shown by way of illustration a specific embodiment in which the invention may be practiced. It is to be understood that other embodiments may be utilized and that structural changes may be made without departing from the scope of the present invention.

The present invention provides a method and apparatus for maintaining policy compliance on a computer network.

FIG. 1 is a block diagram illustrating policy effectiveness system 100 according to an embodiment of this invention. The hardware generally implementing the policy effectiveness system 100 may include computers having processors and memories distributed over a network, as is well known in the art. The memory may include RAM or fixed storage. The program steps implementing this invention are stored in the memory and executed by the computer processor. The present invention may be implemented using an intranet-based application that can be stored on central servers, waiting to be called up and manipulated via a Web browser from any location. Those skilled in the art will recognize that a variety of configurations can be used without departing from the scope of the present invention and that a wide variety of distributed and multi-processing systems may be used. Each of the blocks of FIG. 1 will be introduced, followed by a detailed explanation of each block.

Block 105 represents a policy training module for developing network security policies.

Block 110 represents a policy compliance monitor for monitoring compliance across the network.

Block 115 represents a policy compliance and reporting module for managing information received from the compliance monitor.

Block 120 represents the policy effectiveness module for managing the policy training module 105 and compliance monitor 110.

Block 130 represents the database for storing policy and compliance information for the policy effectiveness system 100.

Block 135 represents the document management system of the compliance monitor 130.

Block 140 represents the email compliance system of the compliance monitor 130.

Block 145 represents the policy resource module for storing and managing policy resources.

Block 150 represents the user profile module for storing user information.

POLICY TRAINING MODULE 105

The policy training module 105 typically is an interactive, multimedia policy awareness training program which helps employees gain a better understanding of the basic concepts of network security, email, and Internet technologies.

The policy training module 105 presents the network user with a suggested network policy the organization wishes to implement. Policy training module 105 is designed to help the user understand the potential risks that an organization faces if a policy is not implemented, the potential advantages and disadvantages of the policy in question, and the management and ethical principles affecting the potential policy in question. The network policies are generated from guidelines created from employee feedback obtained during a training session.

The policy training module 105 is comprised of several templates. When the system is first implemented, policy consultants work with management personnel within an organization to determine the organization's policies for the initial training sessions, which may relate to, for example, an entire enterprise or a specific department of an enterprise. The initial policies are entered into a policy training database 130 and are the foundation for the initial training programs. As is further described below, after the initial policy training session, the policy effectiveness system 100 will analyze all of the information gathered from the areas it monitors and compare it to each network user profile 150 to determine the policy training needs of individual network users. Then, the system customizes the policy training materials for the user training sessions.

To access policy training materials, the user is prompted to enter a password and hardware token. The user may be shown a hypertext list of policy training options. The training options may be, for example, to enter a policy training session, review for a policy exam, or take a policy exam.

Policy Training Session

The policy training session may combine interactive multimedia, group policy development discussions, and policy exercises with individual policy review and feedback screens. The result is typically employee-generated policy guidelines for network security policies.

In the preferred embodiment, the computer screen for the policy training session is divided into three frames. The divided screen gives the user the option to review and answer policy recommendation questions, see and participate in group policy discussions, and pause the interactive group policy discussion session. After pausing the interactive group policy discussion session, the user may review dynamic policy recommendations and statistics from previous policy sessions, request additional information on a topic or subject presented during the previous policy session, or seek technical and product support.

The policy training module 105 collects and records both individual and group policy recommendations. The policy training module 105 uses the user's policy recommendations as a benchmark for other users to use during policy creation/training sessions, and to track policy training effectiveness.

FIG. 2 is a block diagram illustrating the steps performed by the policy training module according to an embodiment of this invention.

Block 200 represents the beginning of the policy training process. Figure 10 is an exemplary screen display illustrating the opening screen for policy training according to an embodiment of the invention. The user may be asked to read a licensing agreement and indicate whether he accepts or declines the terms of the agreement by clicking on the appropriate icon. Figure 11 is an exemplary screen display illustrating the terms of the software licensing agreement according to an embodiment of the invention. Figure 12 is an exemplary screen display illustrating the terms of the continuation of the software licensing agreement according to an embodiment of the invention. A message stating the privacy rights of the user typically remains on the screen until the user clicks on an accept or decline icon. Figures 13 and 14 are exemplary screen displays illustrating the terms of the privacy agreement according to an embodiment of the invention.

Block 202 represents the policy training module 105 presenting the network user with screen personality options. A screen personality represents a person who is executing the training session under an assumed screen name and identity. In other words, a screen personality relates to a real person taking a training session. The user is typically presented with a screen and is asked to choose a screen name and identity (e.g., an avatar) from a list of screen personalities for the training session. Such screen personalities give users greater privacy and the freedom to answer policy questions without fear of retaliation from other employees participating in the program. Figure 15 is an exemplary screen display illustrating choosing a screen identity according to an embodiment of the invention.

Block 204 represents the policy training module 105 recording the network user's screen personality in the policy effectiveness database.

Block 204 represents the policy training module 105 assigning the user a session number. Figure 16 is an exemplary screen display illustrating assigning the user a session number according to an embodiment of the invention.

Block 206 represents the policy training module 105 recording the network user's session number. The session number may be used to track and reference the training session in the policy effectiveness module.

Block 208 represents the policy training module 105 presenting the network user with a virtual training room. The user may be prompted to click on an icon to enter the virtual training room. The virtual training room is typically similar to an Internet chat room.

Block 208 represents the policy training module 105 presenting a virtual facilitator. In a preferred embodiment, the user is introduced to the program's virtual facilitator, who introduces the training participants to each other, explains the training rules, and assures that the training program remains on schedule. The virtual facilitator is typically stored in the policy training database 130. Figure 17 is an exemplary screen display illustrating the introduction to the facilitator according to an embodiment of the invention.

In the preferred embodiment, a maximum of 5 screen personalities can participate per training session. Block 212 is a decision block representing the policy training module 105 determining if there are fewer than three participants registered for a session. If so, block 220 represents the policy training module 105 determining the number of virtual personalities needed for the system; otherwise, control is passed to decision block 214. The system monitors the number of screen personalities registered for a training session. The system records each user's training session, including the user's policy suggestions, individual feedback, and onscreen comments provided during the training session. Block 222 represents the system generating a virtual personality to participate in the training session. A virtual personality may be implemented in the form of a template having fields including information copied from a user's previous training session. When the policy training module 105 determines that a virtual personality is needed for a training session, the present system may be implemented so that the module 105 launches an algorithm to generate a virtual personality to participate in the training session. The algorithm copies information from the policy recommendation database 224 stored in database 130. Block 226 represents the policy training module 105 storing the virtual personality in the database 224. The policy recommendation database 224 is comprised of policy information previously submitted by a screen personality, including policy suggestions, individual feedback, and onscreen comments provided during previous training sessions. Virtual personality information obtained during previous training sessions is retrieved from the policy recommendation database 224. The algorithm copies the policy information from the previous policy modules, and positions and scripts the policy information for the present training session. Scripting is defined as positioning and pacing the policy information per policy module to make it appear as though it is occurring in real time. This provides the user with a virtual personality and an interactive, simulated real-time training experience without the user being dependent upon the availability of others for interaction, discussions, and training. After introductions, the user is typically prompted to click on either an agree or decline icon to indicate his understanding of the training rules and to indicate his readiness to proceed. Block 220 represents the policy training module 105 generating a policy.

Block 214 is a decision block representing the policy training module 105 determining if there are fewer than five screen personalities registered for the session. If so, block 216 represents the policy training module 105 dividing the participants into two sessions; otherwise, control is passed to block 220, which represents the policy training module 105 generating a policy. Block 216 represents the policy training module 105 assigning the participants a new session number.
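The staffing logic of blocks 212 through 226, as an added Python example that is not code from the patent: when fewer than three screen personalities are registered, the session is filled with virtual personalities whose remarks are copied from the policy recommendation database 224 and then scripted (positioned and paced) so that they appear during the present session. The example assumes that a session is filled up to a minimum of three participants (the text states only the "fewer than three" test), models the recommendation database as a list of constructed records, and models scripting as a playback offset in seconds; every function, constant and sample record here is an assumption made for illustration.

```python
"""Added example (not the patent's own code): staffing a policy training
session with virtual personalities, modelled on blocks 212-226."""
from dataclasses import dataclass, field

MIN_PARTICIPANTS = 3   # assumption: a thin session is filled up to three
MAX_PARTICIPANTS = 5   # stated in the text: at most 5 screen personalities

# Constructed sample of the policy recommendation database (224): remarks
# recorded under screen personalities during earlier sessions. No real
# user identity is stored, only the assumed screen name.
RECOMMENDATION_DB = [
    {"screen_name": "Avatar-7", "module": "email", "session": 41,
     "suggestion": "Personal email limited to breaks"},
    {"screen_name": "Avatar-7", "module": "internet", "session": 41,
     "suggestion": "Block non-business streaming"},
    {"screen_name": "Avatar-2", "module": "email", "session": 38,
     "suggestion": "Encrypt outbound attachments"},
]


@dataclass
class Participant:
    screen_name: str
    virtual: bool = False
    # Script entries: (playback offset in seconds, policy module, remark)
    script: list = field(default_factory=list)


def virtual_personalities_needed(registered: int) -> int:
    """Blocks 212/220: how many virtual personalities bring the session
    up to the assumed minimum; zero when enough real users registered."""
    if registered >= MIN_PARTICIPANTS:
        return 0
    return MIN_PARTICIPANTS - registered


def build_virtual_personality(db, source_name, pacing_seconds=30):
    """Block 222: copy one prior screen personality's remarks and script
    them, i.e. give each remark an offset so it is paced like live input."""
    remarks = [r for r in db if r["screen_name"] == source_name]
    script = [(i * pacing_seconds, r["module"], r["suggestion"])
              for i, r in enumerate(remarks)]
    return Participant(screen_name="virtual:" + source_name,
                       virtual=True, script=script)


def staff_session(real_names, db):
    """Assemble the session roster: real participants first, then virtual
    personalities drawn from distinct prior screen names in the database."""
    if len(real_names) > MAX_PARTICIPANTS:
        raise ValueError("more than the maximum of five screen personalities")
    roster = [Participant(name) for name in real_names]
    needed = virtual_personalities_needed(len(roster))
    sources = []
    for record in db:                       # distinct names, first-seen order
        if record["screen_name"] not in sources:
            sources.append(record["screen_name"])
    for source in sources[:needed]:         # fewer if the database is thin
        roster.append(build_virtual_personality(db, source))
    return roster


def due_remarks(participant, elapsed_seconds):
    """Replay a scripted personality: the remarks whose offset has passed,
    which is what makes the copied input appear to occur in real time."""
    return [text for offset, _module, text in participant.script
            if offset <= elapsed_seconds]


if __name__ == "__main__":
    for p in staff_session(["Alice"], RECOMMENDATION_DB):
        print(p.screen_name, "virtual" if p.virtual else "real",
              due_remarks(p, 30))
```

With a single real registrant the roster is filled with two scripted personalities, and `due_remarks` releases their copied remarks at the paced offsets rather than all at once, so the lone user still sees a session that unfolds over time.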


The policy training process:

FIGS. 3A-3C are block diagrams further illustrating the steps performed by the policy training module 105 in performing the generating a network security policy step represented by block 220 according to an embodiment of this invention.

Block 300 represents the policy training module 105 indicating that the network user is ready to begin policy training by presenting the network users with suggested policy information.

Block 302 represents the policy training module 105 receiving suggested policies from the network users. Figure 18 is an exemplary screen display illustrating the suggested policy according to an embodiment of the invention. The suggested policy information typically is stored in a policy training database 130. The user is asked to review the policy information and a policy suggestion for a limited period of time. The policy training module 105 collects a policy suggestion from each network user's policy review session.

Block 304 represents the policy training module 105 recording all individual policy recommendations.

Block 306 represents the policy training module 105 prompting the network user to join a group discussion after the network user has reviewed the information on his own. The network user indicates his readiness to join the group discussion, such as by clicking an icon. The network user's signal may be sent to the other participants' screens. Figure 19 is an exemplary screen display illustrating the network user discussion options according to an embodiment of the invention.

Block 308 represents the policy training module 105 notifying the other participants that a network user is prepared to enter the group session. Once the individual network users are ready to discuss the policy, the facilitator begins the session monologue and monitors the session's content and time.

Block 310 represents the policy training module 105 retrieving the electronic facilitator from the database 120. The electronic facilitator serves as a moderator for the training module. For example, the electronic facilitator prompts the users for input and monitors the time spent on each issue.

Block 312 represents the policy training module 105 connecting individual network users to the policy training chat room.

Blocks 314, 316 and 318 represent the individual network user computers connected to the policy chat room of the policy training module 105. One or more individual network users' policy recommendations may be displayed to the group.

Block 322 represents the policy training module 105 displaying network user policy recommendations to the group. The policy recommendations may be shown in a different color and font. Figure 20 is an exemplary screen display illustrating group policy discussions according to an embodiment of the invention. The individual recommendations are used to develop a group policy consensus.

From the discussion, the group confers, online, to write a policy recommendation. All group participants can view the policy recommendations and group discussions from previous policy training sessions. Figure 21 is an exemplary screen display illustrating policy writing according to an embodiment of the invention.

Block 324 is a decision block representing the policy training module 105 querying the user regarding whether he wants more policy information. If so, block 326 represents the policy training module 105 retrieving the policy training information and displaying it to applicable network users; otherwise, block 328 represents the policy training module 105 collecting policy recommendations from the group. The group confers, online, to write a policy recommendation. The policy training module 105 collects and records all group policy recommendations. Figure 22 is an exemplary screen display illustrating the network user discussion options according to an embodiment of the invention.

Block 330 represents the policy training module 105 recording the group policy recommendations in the policy recommendation database 224.

Block 332 represents the policy training module 105 calculating and ranking the group responses in the policy training database. For example, the policy with the most user votes may be the policy of group consensus.

Block 334 is a decision block representing the policy training module 105 determining if a policy consensus has been achieved. If so, then block 336 represents the policy training module 105 displaying the group consensus; otherwise, control typically is returned to block 322. If there is a tie for group consensus, the system requires network users to review the policy options and re-vote. Each user's policy information is displayed, the group reconsiders their recommendations, and the group attempts to come to a group policy consensus.

The process illustrated in blocks 322 through 334 is repeated until a group policy consensus is achieved.
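The ranking and consensus loop of blocks 328 through 336, as an added Python example that is not code from the patent: group responses are tallied, the recommendation with the most votes is the group consensus, and a tie sends the group back to review and re-vote until one recommendation leads. The example assumes each screen personality casts one vote per round for one recommendation, models the re-vote as a callback that is handed the tied options and returns the next round's votes, and keeps a per-round record of the kind that block 330 would store in the policy recommendation database 224; the function names and the sample votes are constructed for illustration.

```python
"""Added example (not the patent's own code): ranking group policy
recommendations and resolving ties by re-vote, modelled on blocks 328-336."""
from collections import Counter


def rank_responses(votes):
    """Block 332: tally one vote per participant and rank, most votes first.
    Counter.most_common keeps first-seen order among equal counts."""
    return Counter(votes).most_common()


def consensus(votes):
    """Block 334: the leading recommendation, or None when the top two
    recommendations are tied (or when nothing was voted on)."""
    ranked = rank_responses(votes)
    if not ranked:
        return None
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        return None
    return ranked[0][0]


def run_consensus_rounds(first_round, revote, max_rounds=10):
    """Blocks 322-336: repeat tally and decision until a consensus exists.

    `revote(tied_options, round_number)` models the group reviewing the tied
    options and voting again; it returns the next round's votes. The round
    history is returned alongside the winner so it can be recorded.
    """
    votes = list(first_round)
    history = []
    for round_number in range(1, max_rounds + 1):
        ranked = rank_responses(votes)
        winner = consensus(votes)
        history.append({"round": round_number, "ranking": ranked,
                        "consensus": winner})
        if winner is not None:
            return winner, history
        top_count = ranked[0][1]
        tied = [option for option, count in ranked if count == top_count]
        votes = revote(tied, round_number)
    raise RuntimeError("no consensus after %d rounds" % max_rounds)


# Constructed sample: three policy options (A, B, C) and five screen
# personalities. A and B tie at two votes each in the first round.
ROUND_1 = ["A", "B", "A", "B", "C"]


def sample_revote(tied, round_number):
    """Constructed re-vote: after review, the C voter moves to A."""
    return ["A", "B", "A", "B", "A"]


if __name__ == "__main__":
    winner, history = run_consensus_rounds(ROUND_1, sample_revote)
    for entry in history:
        print(entry)
    print("group consensus:", winner)
```

Keeping the tie check separate from the tally means the display step (block 336) only ever receives a single recommendation, and the recorded history shows how many re-votes a module needed, which is itself a useful policy effectiveness measure.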

Block 336 represents the policy training module 105 displaying the policy consensus. Figure 23 is an exemplary screen display illustrating the policy consensus according to an embodiment of the invention.

Block 338 represents the policy training module 105 recording the policy consensus. The process of developing a consensus policy is repeated until all of the policy modules have been reviewed and addressed.

Block 340 is a decision block representing the policy training module 105 determining if there are no additional policy modules to complete. If so, block 300 represents a repeat of the policy generation process; otherwise, block 342 represents the policy training module 105 presenting a suggested policy to the network user and assembling and recording the group consensus policies from each policy module.

The policy training module 105 assembles and records the group consensus policies from each policy module in the network security policy database 130.

Block 344 represents the end of the policy generation process of the policy training module 105.

5 When the training session is completed, the network user is given the options 

to start the policy exam, review policy training materials, or end the session. Figure 

24 is an exemplary screen display illustrating the policy training options according 
to an embodiment of the invention. 

10 Start the policy exam 

FIG. 4 is a block diagram further illustrating the steps performed by the 
policy training module in administering a policy training exam according to an 
embodiment of the present invention. The network user is given an online policy 
exam to reinforce the information presented in the policy training session. 

Block 400 represents the policy training module 105 receiving a request for a 
policy training exam from the network user. 

Block 402 represents the policy training module 105 retrieving a policy exam 
from the policy training database 130 and presenting it to the network user. Figure 
25 is an exemplary screen display illustrating the policy exam according to an 
embodiment of the invention. Once the network user completes the exam, he is 
prompted to send the exam to policy effectiveness 120, where the information 
regarding the user's taking of the exam is recorded. 

Block 404 represents the policy training module 105 receiving the exam 
answers from the network user and tabulating the network user's score. During the 
exam tabulation period, the network user is asked to fill out a policy training 
feedback and evaluation form. 

Block 406 represents the policy training module 105 retrieving a policy 
training feedback and evaluation form from the policy training database 130 and 
sending it to the network user. Figure 26 is an exemplary screen display illustrating 
a training feedback and evaluation form according to an embodiment of the 
invention. The network user completes the policy training feedback and evaluation 
form and returns it to the policy training module 105. 

Block 408 represents the policy training module 105 storing the policy 
training feedback and evaluation form in the User's Profile database 150. 

Block 410 represents the policy training module 105 sending the network user 
his exam score after the feedback and evaluation form is completed. 

After the employee completes the policy building session, the policy training 
module 105 may request that the user sign an Appropriate Use Agreement/Employee 
Agreement designed to limit the organization's liability. Figure 27 is an exemplary 
screen display illustrating an Appropriate Use Agreement/Employee Agreement 
form according to an embodiment of the invention. Figure 28 is an exemplary 
screen display illustrating an Appropriate Use Agreement/Employee Agreement 
form according to an embodiment of the invention. Block 412 represents the policy 
training module 105 sending the network user an Appropriate Use 
Agreement/Employee Agreement. The user reads and signs the Agreement. The 
user returns the Agreement to the policy training module 105. The signed 
Agreement is kept in the User Profile database 200 and a copy is emailed to the user 
for his records. 

Block 414 represents the policy training module 105 receiving the Agreement 
and storing it in the User Profile 150. 

Block 416 represents the policy training module 105 sending an email 
message to the network user with a copy of the Agreement attached. 

Block 418 represents the end of the policy exam process. Figure 29 is an 
exemplary screen display illustrating the end of the training according to an 
embodiment of the invention. If the user fails the exam, the policy training module 
105 will ask him if he wants to retake the exam, review policy training materials, or 
end the session. 

POLICY COMPLIANCE MONITOR 110 

The Policy Compliance Monitor 110 works with the Policy Effectiveness 
Module 120 to provide network user compliance monitoring against the network 
security policy stored in a database; it electronically evaluates network security policy 
compliance based on network user compliance, and undertakes a network policy 
compliance action in response to network security policy compliance. Network user 
compliance monitoring is defined as monitoring network activity to ensure users are 
in compliance with the organization's network security policies. A network security 
policy is a set of rules designed to limit an organization's risk and liability. 

FIG. 5 is a block diagram further illustrating the operation of the policy 
effectiveness system according to an embodiment of this invention. 

The policy compliance monitor oversees user profile, email compliance, 
internet compliance, document management and software compliance functions to 
collect network user security policy compliance activities. Figure 30 is an 
exemplary screen display illustrating the policy compliance and reporting according 
to an embodiment of the invention. 

Block 110 represents the policy compliance monitor of the policy 
effectiveness system 100. 

Block 150 represents the user profile module of the policy effectiveness 
system 100. The user profile module 150 is a database comprised of information 
about network users. For example, the user profile module 150 may contain 
information about network user policy compliance history, employment history, and 
network identification information. Figure 31 is an exemplary screen display 
illustrating the User Profile according to an embodiment of the invention. 

Block 140 represents the email compliance module of the policy 
effectiveness system 100. The email compliance module 140 collects information 
on network users' email use activity. Figure 32 is an exemplary screen display 
illustrating email compliance according to an embodiment of the invention. 

Block 135 represents the document management module of the policy 
effectiveness system 100. Figure 33 is an exemplary screen display illustrating 
Document Management according to an embodiment of the invention. The 
document management module 135 collects information on documents in the 
system. This may include document history, document authenticity, network user 
access to documents, and document access and disclosures. 

Block 500 represents the software compliance module of the policy 
effectiveness system 100. The software compliance module 500 collects 
information on how network users utilize software on the network. Figure 34 is an 
exemplary screen display illustrating Software Compliance according to an 
embodiment of the invention. 

Block 502 represents the audit function of the policy effectiveness system 
100. The audit function collects information from all of the policies monitored by 
the policy compliance monitor 110. Each monitored policy is assigned a value 
representing a target baseline compliance level for network policy compliance 
("network policy compliance"). In the preferred embodiment, the numeric value 
assigned to each monitored policy is 95, representing that for each policy 95% user 
compliance is required. Each network user compliance activity has a numeric value 
the system monitors representing a target baseline compliance level for user policy 
compliance ("user policy compliance"). 

Block 504 represents the network security policy compliance database of the 
database 130. The baseline compliance level assigned to each monitored policy is 
stored in the network security policy compliance database 504 of the database 130. 
The audit function is responsible for reviewing network user compliance and 
network security policy. 

Figure 35 is an exemplary screen display illustrating the audit function 
according to an embodiment of the invention. Block 506 represents the network 
security policy database. The network compliance value is monitored in relation to 
the user compliance value stored in the network security policy database 506. 

Block 508 is a decision block representing the policy effectiveness system 
100 analyzing the network policy compliance value in relation to the user 
policy compliance value. If the user policy compliance value is greater than or equal 
to the network policy compliance value, then block 120 represents the policy 
effectiveness system notifying the policy effectiveness module 120 that the network 
is in compliance. Otherwise, if the network policy compliance value is greater than 
the user policy compliance value, the policy compliance monitor 110 measures the 
difference between the network policy compliance value and the user policy 
compliance value and undertakes a network compliance action in response to that 
difference. Alternatively, the policy compliance monitor could undertake a network 
compliance action any time a policy violation occurred. 

Figure 36 is an exemplary screen display illustrating a Network Non-
Compliance Notice according to an embodiment of the invention. Each policy is 
associated with a corresponding group of network policy compliance actions ranging 
from a mild level one action (e.g., notifying a network user), through level two (e.g., 
notifying the network user and a policy administrator) and level three (e.g., providing 
a retraining module to a network user, restricting a network user's network access 
rights), to a level four action (e.g., restricting the network user's network access 
rights). Each compliance action in the group is assigned a value related to a numeric 
value that may be reported from monitoring network user compliance. The numeric 
value assigned is based on the severity of the network policy compliance violation, 
i.e., the difference between the network policy compliance value and the user policy 
compliance value. 

Upon recording the difference between the network policy compliance value 
and the user policy compliance value, the policy compliance and reporting module 
115 records this information in the network security policy database 506 and begins 
undertaking the appropriate network compliance action. 

For example, an organization may have a personal email use policy. The 
personal email use policy may limit each user to sending a maximum of 20 personal 
email messages per day. The system assigns the numeric value of 95 to the personal 
email messages policy. A value of 100 is the optimum network policy compliance 
value. The compliance monitor collects information on network user compliance for 
personal email use. If an individual sends 25 email messages, the system records a 
user policy compliance value of 90. The user policy compliance value of 90 is 
compared to the network policy compliance value of 100. The difference of 5 (95-
90) indicates to the policy effectiveness system 100 that a network policy 
compliance action may be taken. In this example, a network user compliance value 
of 5 may tell the system to execute a network compliance action. 

In the preferred embodiment, the system has four action levels. Each action 
level may be undertaken in response to a range of differences in compliance values. 
Figure 37 is an exemplary screen display illustrating a Network Compliance Action 
Notice according to an embodiment of the invention. 

At a first action level, the system may send an email notifying the network 
user to cease and desist the non-compliant activity. 

At a second action level, the system may prompt the system administrator to 
follow screen prompts to initiate procedures for the infraction. The policy 
effectiveness system 100 notifies the network user and a system administrator. 
Email and surface mail are automatically sent to the alleged violator and the system 
administrator. The message may ask the alleged violator to discontinue the 
inappropriate behavior or to reread the Intranet-based Policy Manual. The policy 
effectiveness system 100 records whether the user visits the electronic site of the Policy 
Manual. 

At a third action level, the policy effectiveness system 100 may file a policy 
violation report and launch an investigation. The policy effectiveness system 100 
sends email and surface mail to the alleged violator and the system administrator 
informing them of the violation. A policy retraining module may be the most likely 
course of action. At the third action level, the actions of the second infraction are 
initiated and additionally an immediate referral is made to the appropriate policy 
officer for review and action. 

At the fourth action level, the policy effectiveness system 100 may restrict 
the network user's network access rights and prompt the system administrator to 
either begin investigation procedures and/or initiate a signal to the policy knowledge 
base to determine the recommended course of action. 
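The scoring and action-level selection described in the personal email example and in the four action levels above, written out as an added Python illustration; this is not code from the patent. The values taken from the text are the baseline of 95, the optimum of 100, the limit of 20 personal email messages per day, the worked case of 25 messages giving a user policy compliance value of 90 and a difference of 5, and the four action levels. The rule that deducts points per message over the limit, the difference ranges that select each level, and all names are assumptions made for the illustration. 

```python
"""Per-user compliance scoring and action-level selection.

Added illustration of the compliance monitor described in the text; not code
from the patent.  Values from the page: baseline 95, optimum 100, a limit of
20 personal email messages per day, 25 messages -> user value 90, difference 5,
four action levels.  Assumed for this example: the points deducted per excess
message, the difference range that selects each level, and all names.
"""
from dataclasses import dataclass

NETWORK_POLICY_COMPLIANCE = 95   # required compliance per monitored policy (page)
OPTIMUM_COMPLIANCE = 100         # optimum network policy compliance value (page)


@dataclass(frozen=True)
class Policy:
    name: str
    daily_limit: int            # maximum permitted events per day
    penalty_per_excess: int     # assumed: points deducted per event over the limit


# 25 messages is 5 over the limit; 100 - 5 * 2 = 90 reproduces the page's figure.
PERSONAL_EMAIL = Policy("personal email use", daily_limit=20, penalty_per_excess=2)


def user_compliance_value(policy: Policy, observed: int) -> int:
    """Score one user's activity on a 0..100 scale (assumed scoring rule)."""
    excess = max(0, observed - policy.daily_limit)
    return max(0, OPTIMUM_COMPLIANCE - excess * policy.penalty_per_excess)


def compliance_difference(user_value: int,
                          baseline: int = NETWORK_POLICY_COMPLIANCE) -> int:
    """0 when the user meets the baseline, otherwise the shortfall below it."""
    return max(0, baseline - user_value)


# Assumed difference ranges; the page only says each level answers a range.
ACTION_LEVEL_RANGES = (
    (1, 1, 5),     # level 1: email the user to cease and desist
    (2, 6, 10),    # level 2: notify the user and the system administrator
    (3, 11, 20),   # level 3: violation report, investigation, retraining
    (4, 21, 100),  # level 4: restrict the user's network access rights
)


def action_level(difference: int) -> int:
    """Return 0 (in compliance, no action) or the action level 1..4."""
    if difference <= 0:
        return 0
    for level, low, high in ACTION_LEVEL_RANGES:
        if low <= difference <= high:
            return level
    return 4


def evaluate(policy: Policy, observed: int) -> dict:
    """Run the monitor for one user/policy pair; the dict is what gets recorded."""
    user_value = user_compliance_value(policy, observed)
    difference = compliance_difference(user_value)
    return {
        "policy": policy.name,
        "observed": observed,
        "user_policy_compliance": user_value,
        "network_policy_compliance": NETWORK_POLICY_COMPLIANCE,
        "difference": difference,
        "action_level": action_level(difference),
    }


if __name__ == "__main__":
    for count in (18, 25, 40):   # constructed daily message counts
        print(evaluate(PERSONAL_EMAIL, count))
```

Keeping the baseline, the scoring rule and the level ranges as data rather than control flow is what lets an administrator tune them per monitored policy, which matches the text's statement that a baseline value is stored for each policy in the network security policy compliance database 504. 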

Block 510 represents the policy effectiveness system 100 undertaking a 
network policy compliance action. The policy effectiveness system 100 sends a 
signal to policy compliance and reporting 115 to record the non-compliant network 
user activity. 

POLICY COMPLIANCE AND REPORTING 115 

WO 99/67931 PCT/US99/13998 

The policy compliance and reporting module 115 provides automated policy 
monitoring, policy violation procedures and reporting; it tracks policy investigations 
and generates policy investigation reports. These procedures work in conjunction 
with existing policy compliance reporting, discipline and grievance procedures to 
uphold the organization's technology policies. 

Compliance 

The policy compliance and reporting 115 monitors and records user and 
network system activities, audit procedures and reporting, policy violation 
procedures, investigations and reporting, and compliance/non-compliance status reporting. 
FIG. 6 is a block diagram illustrating the steps performed by a policy 
compliance and reporting module according to an embodiment of this invention. 
The policy compliance and reporting process begins when the policy 
compliance and reporting 115 receives a signal from the compliance monitor 110 
that a network compliance action has been taken. Block 510 represents that a 
network compliance action has been taken by the policy effectiveness system 100. 

Block 600 represents the policy compliance and reporting 115 sending an 
email or pager message to the system administrator notifying the administrator that a 
network user compliance violation has occurred. The email message attaches a 
policy compliance violation report (file) to the email and instructs the system 
administrator to follow the compliance reporting procedures. Figure 38 is an 
exemplary screen display illustrating a policy compliance violation report according 
to an embodiment of the invention. The email instructs the system administrator to 
log into the system, present a password and hardware token to access the policy 
violation reporting procedures, and indicates the screen option to choose. The screen 
options available to the system administrator may include: file a policy compliance 
violation report, investigate a policy compliance violation report, review audit and 
system reports, the appeal process, review a user profile, policy resources, and 
policy effectiveness reports. 

File a policy violation report 

In a preferred embodiment, a screen is displayed to the system administrator 
indicating a network user policy compliance violation has occurred and a network 
user compliance action, level two or greater, has been taken. The system 
administrator is instructed to click on an icon to access the network user policy 
compliance violation information and document the violation. Figure 39 is an 
exemplary screen display illustrating a network policy action notice according to an 
embodiment of the invention. 

Block 503 represents the policy compliance and reporting 115 retrieving the 
network user policy compliance violation documentation from the policy 
effectiveness module 120. Policy compliance and reporting 115 advises the system 
administrator on how to execute the designated network user compliance violation 
reporting procedures. This is achieved by prompting the system administrator 
through the reporting process and presenting a policy knowledge base. Figure 40 is 
an exemplary screen display illustrating a policy knowledge query according to an 
embodiment of the invention. A support icon is also available if the user needs to 
discuss a specific procedure with a Policy Consultant. 
Block 604 represents the policy knowledge database of the policy 
compliance and reporting 115. The policy knowledge database is comprised of 
automated network user policy compliance violation documentation. This may 
include network policy violation report forms, detailed reporting instructions, and 
an investigation procedures checklist. The policy compliance and reporting 115 
analyzes the network user policy compliance violation information from the policy 
knowledge database 604 and determines if an investigation action is needed. 

After the system has analyzed the violation information, a policy violation 
investigation report form is displayed on the user screen. Figure 41 is an exemplary 
screen display illustrating a policy compliance violation report according to an 
embodiment of the invention. All reports are documented in read-only format and all 
modifications and changes to the non-compliance reports are an addendum to the 
initial report. The system administrator is asked to supply the following network 
compliance violation information regarding the claim, including the network user's 
name, e-mail address, title, department, mail station, type of violation (non-
compliance drop-down box), date of occurrence, date of report, and official report of 
the incident (MIS, the user, or policy officer). 
copy printed and sent to the network user. The surface mail and e-mail reports are 
form letters that may include an Internet address to help inform the network user 
about the policy compliance violation reporting process. Policy compliance and 
reporting 115 tracks and monitors the status of the complaint by monitoring the 
scheduling module and tracking where the report is in the system. Block 612 
represents the policy compliance and reporting 115 distributing the policy 
compliance violation report information. 

Printed copies of the policy compliance violation report, correspondence, and 
related documents have a watermark printed in the header of the printout of the 
policy compliance violation report with the words "corporate record" printed on the 
top corner of the document. The printout may include the date the document was 
created, who created the document, the version number of the report and the file 
path. This is used to ensure the authenticity of the policy compliance violation 
report. 
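The read-only report with addenda and the "corporate record" header described above, as an added Python illustration; this is not code from the patent. The header fields (date created, creator, version number, file path, the words "corporate record"), the read-only initial report and the rule that changes become addenda come from the text. The sample report content, the field names, and the SHA-256 chain over the report and its addenda are assumptions added here so that the authenticity the header is meant to provide can be checked rather than only asserted by the printout. 

```python
"""Read-only violation report with addenda and a "corporate record" header.

Added illustration of the report-handling rules in the text; not code from
the patent.  From the page: the initial report is read-only, every later
change is an addendum, and printed copies carry a header with "corporate
record", creation date, creator, version number and file path.  Assumed
here: the sample report, the field names, and the SHA-256 chain that lets a
reader verify the report and its addenda were not edited after the fact.
"""
import hashlib
import json
from dataclasses import dataclass, field
from types import MappingProxyType
from typing import List, Mapping


def _digest(payload: object, previous: str = "") -> str:
    """SHA-256 over a canonical JSON encoding, chained to the previous digest."""
    encoded = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(previous.encode() + encoded).hexdigest()


@dataclass
class ViolationReport:
    initial: Mapping          # wrapped read-only in __post_init__
    created_by: str
    created_on: str
    file_path: str
    addenda: List[dict] = field(default_factory=list)
    digests: List[str] = field(default_factory=list)

    def __post_init__(self):
        # A mappingproxy rejects item assignment, so the initial report stays as filed.
        self.initial = MappingProxyType(dict(self.initial))
        self.digests = [_digest(dict(self.initial))]

    def add_addendum(self, author: str, on: str, text: str) -> str:
        """Record a change as an addendum; returns the new chain digest."""
        entry = {"author": author, "date": on, "text": text}
        self.addenda.append(entry)
        self.digests.append(_digest(entry, self.digests[-1]))
        return self.digests[-1]

    @property
    def version(self) -> int:
        """Version 1 is the initial report; each addendum bumps the version."""
        return 1 + len(self.addenda)

    def header(self) -> str:
        """Watermark header printed on every copy (fields named on the page)."""
        return (f"corporate record | created {self.created_on} by {self.created_by} "
                f"| version {self.version} | {self.file_path} "
                f"| sha256 {self.digests[-1][:16]}")

    def verify(self) -> bool:
        """Recompute the chain from the stored content and compare."""
        expected = [_digest(dict(self.initial))]
        for entry in self.addenda:
            expected.append(_digest(entry, expected[-1]))
        return expected == self.digests


def initial_is_read_only(report: ViolationReport) -> bool:
    """True when an in-place edit of the initial report is rejected."""
    try:
        report.initial["tampered"] = True   # type: ignore[index]
    except TypeError:
        return True
    return False


def sample_report() -> ViolationReport:
    """Constructed sample report; the values are not real data."""
    return ViolationReport(
        initial={
            "user": "j.example",                     # constructed
            "email": "j.example@example.com",        # constructed
            "violation": "personal email use",
            "date_of_occurrence": "1999-06-01",
            "reported_by": "MIS",
        },
        created_by="sysadmin",
        created_on="1999-06-02",
        file_path="/records/violations/1999/0042.txt",   # constructed path
    )
```

The header alone only states who created the report and when; the chained digest gives a reviewer something to recompute, and a digest that no longer matches the stored content shows that an addendum was altered instead of a new one being appended. 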
Subsequent Action Report 

FIG. 7 is a block diagram further illustrating the steps performed by the 
policy compliance and reporting module 115 according to an embodiment of this 
invention in generating a subsequent action report. Figure 44 is an exemplary screen 
display illustrating a Subsequent Action Report according to an embodiment of the 
invention. Block 700 represents the policy compliance and reporting module 115 
receiving a message from the schedule module to begin subsequent action 
procedures. The policy officer, the system administrator and the network user are 
automatically reminded via e-mail of the requirement to individually file subsequent 
meeting reports with the system. Block 702 represents the policy compliance and 
reporting module 115 distributing notices via email. The policy officer, system 
administrator and the network user are required to present login and password/token 
information to file subsequent action reports with the system and to verify a policy 
compliance violation meeting occurred. 
The network user is also asked to sign an agreement indicating he attended 
the policy enforcement meeting and reviewed the policies of the organization. The 
system administrator and policy officer are asked to confirm and document that the 
meeting took place. All parties complete the forms. Block 704 represents the 
policy compliance and reporting module 115 retrieving subsequent action reports 
from the parties. The system stores the documents in the policy effectiveness 
database. 

The system administrator is prompted by the system to confirm the 
subsequent action report form. The subsequent action form indicates if the network 
user policy compliance violation claim is still under investigation, pending or is 
closed. 

Block 706 represents the policy compliance and reporting module 115 
storing information related to the subsequent action reports. The policy compliance 
and reporting module 115 monitors the status of all network user compliance 
violations to ensure that violation reports are properly reported and managed. 

The Appeal Process 

FIG. 8 is a block diagram illustrating the appeal process performed by a 
policy compliance and reporting module according to an embodiment of this 
invention. Figure 45 is an exemplary screen display illustrating The Appeal Process 
according to an embodiment of the invention. After filing the subsequent action 
report, the system gives the network user the opportunity to respond by appealing the 
network compliance violation. Block 800 represents the policy compliance and 
reporting module 115 prompting the network user with the appeal option. Block 802 
represents the policy compliance and reporting module 115 receiving a signal to 
begin the appeal process. The network user is given the option of choosing an appeal 
facilitator from the organization. Appeal facilitators are employees of the 
organization randomly chosen by the system to act as facilitator for the appeal 
process. The policy compliance and reporting module 115 reviews network user 
profiles and chooses the network users with the lowest network user policy 
compliance violation records to be facilitator candidates. Block 804 represents the 
policy compliance and reporting module 115 retrieving appeal facilitator 
information from the policy compliance and reporting database. The user chooses 
the facilitator from the Appeal screen. The system records the process and 
automatically sends an email to the facilitator. Block 806 represents the policy 
compliance and reporting module 115 recording the facilitator. Block 808 
represents the policy compliance and reporting module 115 assigning a password to 
the facilitator. Block 810 represents the policy compliance and reporting module 
115 sending an email to the facilitator. The e-mail explains the appeals process to 
the facilitator and provides the facilitator with the passwords needed to access the 
network user policy compliance violator's file. The facilitator has read-only access 
to the network user compliance violation reports. The facilitator is automatically 
copied on all appeal process communications. The system records this activity and 
stores it in the policy effectiveness database. 
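The facilitator candidate step above (users with the lowest violation records, randomly chosen by the system, with the network user picking from that pool) as an added Python illustration; this is not code from the patent. The sample user profiles, the exclusion of the parties to the appeal from the candidate pool, the pool size of three and the use of the secrets module for the random choice are assumptions made for the illustration. 

```python
"""Appeal facilitator candidate selection.

Added illustration of the facilitator step described in the text; not code
from the patent.  From the page: candidates are the employees with the lowest
policy compliance violation records, chosen at random by the system, and the
network user picks the facilitator from that pool.  Assumed here: the profile
records, excluding the parties to the appeal, the pool size of three, and the
use of the secrets module for the random choice.
"""
import secrets
from dataclasses import dataclass
from typing import Callable, Iterable, List, Set


@dataclass(frozen=True)
class UserProfile:
    user_id: str
    violations: int   # recorded policy compliance violations (user profile database 150)


# Constructed sample profiles; not real users.
PROFILES = [
    UserProfile("alice", 0),
    UserProfile("bob", 2),
    UserProfile("carol", 0),
    UserProfile("dave", 1),
    UserProfile("erin", 0),
    UserProfile("frank", 5),
]


def facilitator_candidates(profiles: Iterable[UserProfile], excluded: Set[str],
                           pool_size: int = 3) -> List[UserProfile]:
    """The pool_size eligible users with the fewest violations.

    The violator, the policy officer and the system administrator are passed
    in excluded so that no party to the appeal can be its facilitator.
    Python's sort is stable, so ties keep profile order and the pool is
    reproducible for a given database snapshot.
    """
    eligible = [p for p in profiles if p.user_id not in excluded]
    return sorted(eligible, key=lambda p: p.violations)[:pool_size]


def choose_facilitator(profiles: Iterable[UserProfile], excluded: Set[str],
                       pool_size: int = 3,
                       pick: Callable[[List[UserProfile]], UserProfile] = secrets.choice
                       ) -> UserProfile:
    """System-side random pick from the pool.

    secrets.choice is used by default so the selection cannot be predicted
    from earlier picks; pick is injectable so the step can be tested
    deterministically.
    """
    pool = facilitator_candidates(profiles, excluded, pool_size)
    if not pool:
        raise ValueError("no eligible facilitator candidates")
    return pick(pool)
```

Excluding the parties to the appeal is the check a reviewer would expect here: the text selects on violation record alone, and without the exclusion the violator or the policy officer could land in their own candidate pool. 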

Next, the internal officers are automatically prompted and sent a notice to 
schedule the appeal meeting with the new facilitator, the network user, the system 
administrator and the policy officer. Block 812 represents the policy compliance 
and reporting module 115 prompting users to schedule an appeal meeting. The 
process is reported to, stored, and tracked in the policy effectiveness module. Block 
814 represents the policy compliance and reporting module 115 recording the 
process. The appeal report is automatically sent to internal policy 
officers. The network user is automatically sent information to inform him of his 
procedural rights. The appeal report is automatically sent to the policy effectiveness 
module, the policy officer and the network user, and a surface mail is sent to the 
policy officer and the violator. Block 816 represents the policy compliance and 
reporting module 115 distributing appeal information to all parties. 

The facilitator logs into the system and reviews all of the documents 
regarding the policy violation. The facilitator, the policy officer and the suspected 
violator meet to listen to the violator's appeal. The facilitator and the policy officer 
are required to present login and password/token information to file appeal reports 
and to verify an appeal meeting occurred. Block 818 represents the policy 
compliance and reporting module 115 retrieving appeal report forms from the policy 
compliance and reporting database. The appeal reports are comprised of several 
fields. The facilitator and the policy officer are required to complete the online 
reports. The policy effectiveness module analyzes the appeal reports to determine the final 
decision. Block 820 represents the policy compliance and reporting module 115 
analyzing the appeal reports. An email is sent to all parties with the final decision 
file attached. Block 822 represents the policy compliance and reporting module 115 
distributing the final appeal decision. Block 824 represents the policy compliance 
and reporting module 115 transferring the appeal information to the policy 
effectiveness module 120. 

POLICY EFFECTIVENESS 120 

The policy effectiveness module 120 electronically collects, records, 
analyzes and stores information from policy compliance monitoring, analyzes policy 
compliance and reporting, evaluates network policy compliance actions undertaken 
in response to the network security policy violations and electronically implements a 
different network security policy selected from network security policies stored in a 
policy database. 

The policy effectiveness module 120 analyzes information collected from the 
policy compliance and reporting 115 to determine if network user compliance 
policies are effective. Figure 46 is an exemplary screen display illustrating policy 
effectiveness reports according to an embodiment of the invention. Figure 47 is an 
exemplary screen display illustrating policy effectiveness reports according to an 
embodiment of the invention. If a policy is determined to be ineffective, a new 
policy may need to be implemented. 

The policy effectiveness module 120 monitors the policy compliance actions 
taken over a period of time. At the time the system is implemented, the system 
administrator may set the system to measure network compliance actions that have 
been undertaken on a monthly, quarterly, annual, or historic (e.g., year-to-date) basis. 
After the monitoring time period has been recorded in the system, the system 
administrator may record the number of network policy compliance actions, per 
network compliance policy, considered acceptable during said period of time. 

The policy effectiveness module 120 analyzes the policy compliance actions 
stored in the policy compliance and reporting module 115. Each policy is assigned a 
value representing a target baseline compliance level for network policy compliance 
("network policy compliance"). In the preferred embodiment, the numeric value 
assigned to each monitored policy is 95, representing that for each policy 95% user 
compliance is required. The level of user compliance for a group of network users 
with respect to a particular policy is monitored. The network user compliance 
activity for a group has a numeric value the system monitors representing the degree 
of group user policy compliance ("group user policy compliance"). The network 
compliance value is monitored in relation to the user compliance value stored in the 
network security policy database 506. 
FIG. 9 is a block diagram further illustrating a policy effectiveness system 
according to an embodiment of this invention. 

Block 900 represents the policy effectiveness module 120 determining 
network policy compliance. Block 910 represents the policy effectiveness module 
120 determining group user compliance. Block 920 is a decision block representing 
the policy effectiveness module 120 analyzing the network policy compliance value 
in relation to the group user policy compliance value. If the group user policy 
compliance value is greater than or equal to the network policy compliance value, 
then block 940 represents the policy effectiveness module 120 recording that the 
network is in compliance with respect to a policy. Otherwise, if the network policy 
compliance value is greater than the group user policy compliance value, the policy 
effectiveness module 120 measures the difference between the network policy 
compliance value and the group user policy compliance value and may undertake a 
network compliance action in response to that difference. 

Each compliance action in the group is assigned a value related to a numeric 
value that may be reported from monitoring network user compliance. The numeric 
value assigned is based on the severity of the network policy compliance violation, 
i.e., the difference between the network policy compliance value and the group user 
policy compliance value. Upon recording the difference between the network policy 
compliance value and the group user policy compliance value, the policy 
effectiveness module 120 records this information in the network security policy 
database 130 and begins undertaking the appropriate network compliance action. 
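Blocks 900 through 940 above, together with the administrator-set number of acceptable compliance actions per period, as an added Python illustration; this is not code from the patent. The baseline of 95 and the comparison of the group user policy compliance value against it come from the text. The rule deriving the group value from individual compliance actions (percentage of the group with no action recorded for the policy in the period), the constructed action log, the acceptable-action counts and the combined test that flags a policy as ineffective are assumptions made for the illustration. 

```python
"""Group-level policy effectiveness evaluation (blocks 900 through 940).

Added illustration of the policy effectiveness module described in the text;
not code from the patent.  From the page: the baseline of 95 per policy, the
comparison of the group user policy compliance value against it, and an
administrator-recorded number of compliance actions per policy considered
acceptable for the monitoring period.  Assumed here: how the group value is
derived from recorded actions, the sample action log, the acceptable counts,
and the combined test that flags a policy as ineffective.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

NETWORK_POLICY_COMPLIANCE = 95   # required compliance per policy (page)


@dataclass(frozen=True)
class ComplianceAction:
    period: str    # monthly/quarterly/annual bucket set by the administrator
    policy: str
    user_id: str
    level: int     # action level 1..4 taken against the user


# Constructed sample of recorded compliance actions for one quarter.
ACTIONS = [
    ComplianceAction("1999-Q2", "personal email use", "bob", 1),
    ComplianceAction("1999-Q2", "personal email use", "frank", 2),
    ComplianceAction("1999-Q2", "personal email use", "frank", 3),
    ComplianceAction("1999-Q2", "software downloading", "dave", 1),
]

# Assumed: actions per policy per period the administrator considers acceptable.
ACCEPTABLE_ACTIONS_PER_PERIOD = {"personal email use": 2, "software downloading": 2}


def group_user_compliance(actions: Iterable[ComplianceAction], period: str,
                          policy: str, group_size: int) -> int:
    """Assumed rule: percentage of the group with no compliance action
    recorded for this policy in this period (block 910)."""
    offenders = {a.user_id for a in actions
                 if a.period == period and a.policy == policy}
    return round(100 * (group_size - len(offenders)) / group_size)


def actions_per_policy(actions: Iterable[ComplianceAction], period: str) -> Counter:
    """Number of compliance actions taken per policy in the period."""
    return Counter(a.policy for a in actions if a.period == period)


def evaluate_policy(actions: Iterable[ComplianceAction], period: str,
                    policy: str, group_size: int) -> dict:
    """Block 920: compare group compliance with the baseline; flag a policy as
    ineffective when the group falls short and more actions were taken than
    the administrator deemed acceptable (the combined test is an assumption)."""
    actions = list(actions)
    group_value = group_user_compliance(actions, period, policy, group_size)
    difference = max(0, NETWORK_POLICY_COMPLIANCE - group_value)
    taken = actions_per_policy(actions, period)[policy]
    acceptable = ACCEPTABLE_ACTIONS_PER_PERIOD.get(policy, 0)
    return {
        "policy": policy,
        "period": period,
        "group_user_policy_compliance": group_value,
        "network_policy_compliance": NETWORK_POLICY_COMPLIANCE,
        "difference": difference,
        "actions_taken": taken,
        "actions_acceptable": acceptable,
        "in_compliance": difference == 0,            # block 940
        "policy_ineffective": difference > 0 and taken > acceptable,
    }
```

Counting distinct offenders rather than actions for the group value keeps one repeat offender from dragging the whole group below the baseline on his own, while the separate action count still surfaces that repeat pattern against the administrator's acceptable number. 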
The policy manual is presented to users such that they will be able to read and 
review the policy manual periodically. Users are periodically required to sign an 
online form indicating he or she has read the policies, and any policy revisions, and 
understands all of the policies. Annual updated information will be highlighted for fast 
review. The policy effectiveness system 100 tracks users' visits to the policy. The self-
serve policy section allows the policy officer to revise the policy. The policy officer 
is prompted to access a policy database and is instructed to download a new policy 
when the system has determined that a policy is ineffective and users are 
consistently out of compliance with the current policy. The new policy(s) are 
automatically added to the policy effectiveness system and the organization's policy 
manual. 

Software resources include software listings and updates, guidelines for 
proper use including email etiquette and netiquette training, Internet information 
and personal safety training, optional registration of an encryption private or public 
key with the system, a listing of the organization's approved and licensed software, 
software downloading guidelines and approved procedures, and tech support for users' 
questions. 

These resources also include registering newly downloaded software with the system, 
management-approved trialware, shareware and others for review by the organization, 
operations and support information, regulation, policy, and Freedom of Information 
Act materials, information explaining how the system works including product 
support and services, telephony, text-based support, and in-house support options, a 
simple do & don't security module for non-technical activity, and online safety 
information. 

25 Security. System Backup, and Recovery Processes 

Users must present a password and hardware token to access the policy 
effectiveness system 100. Most organizations concentrate their security resources on 
securing the perimeter of tiieir network. Unfortunately, tiie greatest threat to an 
organization is its employees, who, with network access can cause greater damage 

30 than an external intruder. 



WO 99/67931 PCT/US99/13998
The policy effectiveness system 100 employs an electronic tag to monitor document-level access and security and to track information on a per-document basis. This creates the opportunity to prove document authenticity, to track the copies and revisions of a document, and to monitor and report document access and disclosures.
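One way to realize such a per-document tag, added here as an example and not the patent's own implementation: an HMAC over the document id, revision number and content hash lets the system prove authenticity, and a small tracker records revisions, accesses and disclosures per document. The key, the tag layout and the action names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed key for this example; how the patent keys its tags is not specified.
TAG_KEY = b"constructed-example-key-not-for-production"

# Actions that move a document outside the system and therefore count as disclosures
# (assumed names, not taken from the patent).
DISCLOSURE_ACTIONS = {"email_external", "copy_external"}


def make_tag(doc_id: str, revision: int, content: bytes) -> str:
    """Electronic tag: doc id | revision | SHA-256 of content | HMAC over those fields.
    The HMAC is what later lets the system prove the document is authentic."""
    digest = hashlib.sha256(content).hexdigest()
    body = f"{doc_id}|{revision}|{digest}"
    mac = hmac.new(TAG_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def verify_tag(tag: str, content: bytes) -> bool:
    """True only when the tag is well formed, unmodified and matches these content bytes."""
    parts = tag.split("|")
    if len(parts) != 4 or not parts[1].isdigit():
        return False
    expected = make_tag(parts[0], int(parts[1]), content)
    return hmac.compare_digest(expected, tag)


@dataclass
class DocumentRecord:
    tags: list = field(default_factory=list)        # one tag per revision, in order
    access_log: list = field(default_factory=list)  # (user, action, revision) entries


class DocumentTracker:
    """Tracks revisions, accesses and disclosures of tagged documents."""

    def __init__(self):
        self.docs = {}

    def register(self, doc_id: str, content: bytes) -> str:
        tag = make_tag(doc_id, 1, content)
        self.docs[doc_id] = DocumentRecord(tags=[tag])
        return tag

    def revise(self, doc_id: str, content: bytes) -> str:
        rec = self.docs[doc_id]
        tag = make_tag(doc_id, len(rec.tags) + 1, content)
        rec.tags.append(tag)
        return tag

    def record_access(self, user: str, tag: str, content: bytes, action: str) -> bool:
        """Log the access; a tag that does not verify is logged as such, since it points
        at a tampered or forged copy rather than a genuine registered revision."""
        parts = tag.split("|")
        rec = self.docs.get(parts[0]) if len(parts) == 4 else None
        if rec is None:
            return False
        ok = verify_tag(tag, content) and tag in rec.tags
        rec.access_log.append((user, action if ok else "invalid_tag:" + action, parts[1]))
        return ok

    def disclosure_report(self, doc_id: str) -> list:
        """Per-document report of accesses that disclosed the document outside the system."""
        return [e for e in self.docs[doc_id].access_log if e[1] in DISCLOSURE_ACTIONS]
```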


System backup and recovery 

The policy effectiveness system 100 has an online backup feature. This feature offers full redundancy without the expense of off-site storage, and limits the process of physically cataloging and indexing backup tapes. Cataloging and indexing backups is automatically completed by the system. Backman is existing software that does this.

Software Compliance 

Most large organizations are not cognizant of the type of software licenses they have, which workstation and/or server has which software, who is using what software, and whether or not the organization is in compliance with their software licensing agreements. Users can easily download freeware, shareware, trialware, and permware software from the Internet. All software is distributed with compliance conditions or restrictions on its use, even if it is identified as freeware, shareware and trialware, or is copyrighted but freely distributed.

To effectively monitor an organization's software compliance, periodic network audits are needed to identify deviations in the software inventory, and to reconcile software license agreements with software and hardware inventories. Products that monitor software licenses are known in the art, for example the FLEXlm software by Globetrotter.

Each user is registered in the user profile database 150. The user profile database 150 includes a user's hardware and software inventory information, as well as the user's name, user's email address, user's surface mail address, employment status (e.g., temp, contract, virtual), title, department, organizational chart indicating who the user reports to, the direct reports, his assistant, and mail station address. It
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also may indicate the software present on a user's workstation and the user's system access and security status.

The user profile database 150 also retains copies of any Employment Agreements and other employment-related contracts, maintains a record of the users' policy training and exam status, policy compliance history, network activity, and any special network access or privileges such as using the network for charitable use. Additionally, the user profiles 150 may also monitor software downloads from the network, or Internet, to hardware through network activity reports and network audits, including any software approved for use by management and other special approvals. Additional user information can be monitored and collected to assist the organization's reporting needs.

The policy effectiveness system 100 includes an object library/object level licensing system similar to FLEXlm by Globetrotter.

The policy compliance monitor 110 features dynamic updating and exchanging of software licensing agreements. The compliance monitor 110 reviews all software license agreements and maintains records of the vendor information. The compliance monitor 110 sends a notification to the system administrator indicating that a software license is about to expire. The system administrator is prompted to send an email to the licensing organization to update the license agreement. Once the updated license agreement is received via email, the system automatically updates the software license registered and stored in the compliance monitor 110.

The policy effectiveness module 120 monitors and tracks network activity including all hardware and software in the policy effectiveness system 100. This module can generate reports to track an organization's user access including failed login attempts and all attempts to launch privileged applications, any changes to system configuration parameters, software downloads from the Internet, software and hardware usage, location of software, location of software license agreements, type of software agreements, coordination of software license agreements with software utilization, statistical and graphical information regarding justification for software purchases, upgrades and maintenance expense, software installations, software
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Licensing Agreement for Virtual Policy Builder



END-USER LICENSE AGREEMENT FOR VIRTUAL POLICY BUILDER SOFTWARE - VIRTUAL WORKSPACE

IMPORTANT - READ CAREFULLY: This End-User License Agreement ("EULA") is a legal agreement between you (either an individual or a single entity) and the manufacturer ("PC Manufacturer") of the computer system ("COMPUTER") with which you acquired the Virtual Workspace software product(s) identified above ("SOFTWARE PRODUCT" or "SOFTWARE"). If the SOFTWARE PRODUCT is not accompanied by a new computer system, you may not use or copy the SOFTWARE PRODUCT. The SOFTWARE PRODUCT includes computer software, the associated media, any printed materials, and any "online" or electronic documentation. By installing, copying or otherwise using the SOFTWARE PRODUCT you agree to be bound by the terms of this EULA. If you do not agree to the terms of this EULA, PC Manufacturer and Virtual Workspace are unwilling to license the SOFTWARE PRODUCT to you. In such event, you may not use or copy the SOFTWARE PRODUCT, and you should promptly contact PC Manufacturer for instructions on return of the unused product(s) for a refund.

SOFTWARE PRODUCT LICENSE

The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The SOFTWARE PRODUCT is licensed, not sold.

1. GRANT OF LICENSE. This EULA grants you the following rights:

• Software. You may install and use one copy of the SOFTWARE PRODUCT on the COMPUTER.

• Network Services. If the SOFTWARE PRODUCT includes functionality that enables the COMPUTER to act as a network server, any number of computers or workstations may access or otherwise utilize the basic network services of that server. The basic network services are more fully described in the printed materials accompanying the SOFTWARE PRODUCT.

• Storage/Network Use. You may also store or install a copy of the computer software portion of the SOFTWARE PRODUCT on the COMPUTER to allow your other computers to use the SOFTWARE PRODUCT over an internal network, and distribute the SOFTWARE PRODUCT to your other computers over an internal network. However, you must acquire and dedicate a license for the SOFTWARE PRODUCT for each computer on which the SOFTWARE PRODUCT is used or to which it is distributed. A license for the SOFTWARE PRODUCT may not be shared or used concurrently on different computers.

• Operating System Choice. PC Manufacturer may have elected to provide you with a choice of Virtual Workspace operating system software

• Back-up Utility. If PC Manufacturer has not included a back-up copy of the SOFTWARE PRODUCT with the COMPUTER, you may use the Virtual Workspace back-up utility, if included with the SOFTWARE PRODUCT, to make a single back-up copy of the SOFTWARE PRODUCT. You may use the back-up copy solely for archival purposes. After the single back-up copy is made, the backup utility will be permanently disabled.

2. DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS.

• Limitations on Reverse Engineering, Decompilation and Disassembly. You may not reverse engineer, decompile, or disassemble the SOFTWARE PRODUCT, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.

• Separation of Components. The SOFTWARE PRODUCT is licensed as a single product. Its component parts may not be separated for use on more than one computer.

• Single COMPUTER. The SOFTWARE PRODUCT is licensed with the COMPUTER as a single integrated product. The SOFTWARE PRODUCT may only be used with the COMPUTER.

• Rental. You may not rent or lease the SOFTWARE PRODUCT.

• Software Transfer. You may permanently transfer all of your rights under this EULA only as part of a sale or transfer of the COMPUTER, provided you retain no copies, you transfer all of the SOFTWARE PRODUCT (including all component parts, the media and printed materials, any upgrades, this EULA and, if applicable, the Certificate(s) of Authenticity), AND the recipient agrees to the terms of this EULA. If the SOFTWARE PRODUCT is an upgrade, any transfer must include all prior versions of the SOFTWARE PRODUCT.

• Termination. Without prejudice to any other rights, Virtual Workspace may terminate this EULA if you fail to comply with the terms and conditions of this EULA. In such event, you must destroy all copies of the SOFTWARE PRODUCT and all of its component parts.
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Licensing Agreement for Virtual Policy Builder

Continue



3. UPGRADES. If the SOFTWARE PRODUCT is an upgrade from another product, whether from Virtual Workspace or another supplier, you may use or transfer the SOFTWARE PRODUCT only in conjunction with that upgraded product, unless you destroy the upgraded product. If the SOFTWARE PRODUCT is an upgrade of a Virtual Workspace product, you now may use that upgraded product only in accordance with this EULA. If the SOFTWARE PRODUCT is an upgrade of a component of a package of software programs which you licensed as a single product, the SOFTWARE PRODUCT may be used and transferred only as part of that single product package and may not be separated for use on more than one computer.

4. OEM COPYRIGHT. All title and copyrights in and to the SOFTWARE PRODUCT (including but not limited to any images, photographs, animations, video, audio, music, text and "applets," incorporated into the SOFTWARE PRODUCT), the accompanying printed materials, and any copies of the SOFTWARE PRODUCT, are owned by Virtual Workspace or its suppliers. The SOFTWARE PRODUCT is protected by copyright laws and international treaty provisions. You may not copy the printed materials accompanying the SOFTWARE PRODUCT.

5. DUAL-MEDIA SOFTWARE. You may receive the SOFTWARE PRODUCT in more than one medium. Regardless of the type or size of medium you receive, you may use only one medium that is appropriate for your single computer. You may not use or install the other medium on another computer. You may not loan, rent, lease or otherwise transfer the other medium to another user, except as part of the permanent transfer (as provided above) of the SOFTWARE PRODUCT.

6. OEM PRODUCT SUPPORT. Product support for the SOFTWARE PRODUCT is NOT provided by Virtual Workspace Corporation or its subsidiaries. For product support, please refer to PC Manufacturer's support number provided in the documentation for the COMPUTER. Should you have any questions concerning this EULA, or if you desire to contact PC Manufacturer for any other reason, please refer to the address provided in the documentation for the COMPUTER.

7. OEM U.S. GOVERNMENT RESTRICTED RIGHTS. The SOFTWARE PRODUCT and documentation are provided with RESTRICTED RIGHTS. Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software-Restricted Rights at 48 CFR 52.227-19, as applicable. Manufacturer is Virtual Workspace Corporation, 250 East 6th Street, Suite 610, St. Paul, MN 55101.

FOR THE LIMITED WARRANTIES AND SPECIAL PROVISIONS PERTAINING TO YOUR PARTICULAR JURISDICTION, PLEASE REFER TO YOUR WARRANTY BOOKLET INCLUDED WITH THIS PACKAGE OR PROVIDED WITH THE SOFTWARE PRODUCT PRINTED MATERIALS.



Please indicate your acceptance of the software licensing agreement by clicking on the accept icon. If you disagree with the terms of the agreement, click the decline icon.
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Privacy Statement for Virtual Policy Builder

Virtual Workspace has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses our information gathering and dissemination practices for this site: Virtual Policy Builder.

Your IP address is used to help identify you and your shopping cart.

Our site's registration form requires users to give us contact information (like their email address) and demographic information (like their zip code, age, or income level). The customer's contact information is used to contact the visitor when necessary. Users may opt-out of receiving future mailings; see the delete/deactivate section below. Demographic and profile data is also collected at our site. We use this data to tailor the visitor's experience at our site, showing them content that we think they might be interested in, and displaying the content according to their preferences. Financial information (like their account or credit card numbers) that is collected is used to bill the user for products and services.

Opt-Out

Our site provides users the opportunity to opt-out of receiving communications from us at the point where we request information about the visitor.

Delete/Deactivate

This site gives users the following options for removing their information from our database to not receive future communications or to no longer receive our service. You can send email to delete@virtualworkspace.com

Change/Modify

This site gives users the following options for changing and modifying information previously provided. Email update@virtualworkspace.com
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Privacy Statement for Virtual Policy Builder
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Contacting the Web Site 

If you have any questions about this privacy statement, the practices of this site, or 
your dealings with this Web site, you can contact 

Virtual Workspace 
250 East 6th Street 
Suite 610 
St. Paul, MN 55101
aj@virtualworkspace.com 
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Choosing a Screen Identity



Choose a screen name and identity for the training 
session by clicking on the screen name listed below 

Screen Names: 
Sasha: the warrior princess 
Alvin: the truck driver 
Josh: the surfer dude 
William: the investment banker 
Alice: the domestic engineer 



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Choosing a Screen Identity

Your training session number is: _



The session number is used to track and reference the 
training session in the policy effectiveness module. 



Click on the training icon to enter the virtual training 
room. 



Training 
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Meet the Facilitator



Click on the picture to 
meet and interact with 
the facilitator and the 
other participants for this 
training session. 



You will need Real Audio to listen to 
the facilitator introduce the participants 
and the training rules. 
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Policy Suggestion 



Desktop Piracy 

Suggested Policy: To comply with laws governing software protection from piracy, employees must not:

• Make copies of any software unless explicitly authorized.

• Exchange, trade or transfer copies of any software to others in cyberspace.

• Download copies of software that normally would have to be purchased.

• Purchase any software from the Internet without prior approval.

If you encounter pirated software or suspect software may have been pirated, notify the system administrator immediately and distance yourself from the real or suspected illegal activity.

Premise: Expect different people to have different standards. They are not better, not worse - simply different.

Principle: The principle of present choices states that current decisions tend to limit future action. This means that most important decisions affect two timeframes. The short-term result may be a benefit but the long-term result can be either a benefit or, as often happens, a consequence.



Do you agree or disagree with the suggested policy?



What changes would you make to the suggested policy?



Submit



Pause 



Exit 



Menu 



Stats 



Support 
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WHAT IS CLAIMED IS:

1. A method for maintaining policy compliance on a computer network, comprising the steps of:

electronically monitoring network user compliance with a network security policy stored in a database;

electronically evaluating network security policy compliance based on the network user compliance; and

electronically undertaking a network policy compliance action in response to the network security policy compliance.

2. The method of claim 1, wherein the evaluating step comprises the steps of:

electronically generating a network security policy compliance value based on monitoring network user compliance for a plurality of network users;

electronically comparing the compliance value to a target compliance value, wherein the target compliance value defines a baseline for network security policy compliance; and

wherein the undertaking step is based on a difference between the compliance value and the target compliance value.

3. The method of claim 2, wherein the compliance action is selected from a group comprising:

electronically implementing a different network security policy selected from network security policies stored in the database;

generating policy effectiveness reports; and

providing a retraining module to network users.

4. The method of claim 1, further comprising the step of electronically undertaking a user compliance action in response to monitoring network user compliance.
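The evaluation chain of claims 1 to 4 carried through in Python, as an added example and not code from the patent: per-user compliance is derived from monitored activity, a single compliance value is formed for the plurality of users, that value is compared with a target baseline, and the network-level action is chosen from the claim 3 group by the size of the shortfall, with the per-user action of claim 4 alongside. The event names, the failed-login threshold and the shortfall cut-off are assumptions, and the activity records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed monitoring rules, not figures from the patent: three or more failed logins is a
# (minor) finding, and a shortfall of up to 20 points below target is answered with
# retraining while a larger one triggers a policy change.
FAILED_LOGIN_THRESHOLD = 3
RETRAINING_SHORTFALL = 0.20

# Monitored events that directly violate policy, with an assumed severity.
VIOLATION_EVENTS = {
    "download_unapproved": "major",
    "privileged_launch_unauthorized": "major",
    "email_confidential_attachment": "major",
    "config_change_unauthorized": "minor",
}

# Constructed sample of (user, event) records as the compliance monitor might log them.
SAMPLE_ACTIVITY = [
    ("alice", "login_ok"), ("alice", "download_approved"),
    ("bob", "login_failed"), ("bob", "login_failed"), ("bob", "login_failed"),
    ("carol", "login_ok"), ("carol", "privileged_launch_unauthorized"),
    ("dave", "login_ok"), ("dave", "config_change_unauthorized"),
    ("erin", "login_ok"), ("frank", "login_ok"),
    ("grace", "login_failed"), ("grace", "login_ok"),
    ("heidi", "login_ok"),
]


@dataclass
class UserStatus:
    compliant: bool
    findings: list = field(default_factory=list)  # (description, severity)


def monitor_user_compliance(activity):
    """Claim 1, monitoring step: derive each user's compliance from monitored activity."""
    failed_logins = defaultdict(int)
    findings = defaultdict(list)
    users = set()
    for user, event in activity:
        users.add(user)
        if event == "login_failed":
            failed_logins[user] += 1
        elif event in VIOLATION_EVENTS:
            findings[user].append((event, VIOLATION_EVENTS[event]))
    for user, count in failed_logins.items():
        if count >= FAILED_LOGIN_THRESHOLD:
            findings[user].append((f"{count} failed logins", "minor"))
    return {u: UserStatus(not findings[u], findings[u]) for u in sorted(users)}


def compliance_value(status):
    """Claim 2: one compliance value for the plurality of users (fraction compliant)."""
    if not status:
        return 1.0
    return sum(s.compliant for s in status.values()) / len(status)


def policy_compliance_action(value, target):
    """Claims 2 and 3: pick the network-level action from the difference to the target."""
    shortfall = target - value
    if shortfall <= 0:
        return "generate_policy_effectiveness_reports"
    if shortfall <= RETRAINING_SHORTFALL:
        return "provide_retraining_module"
    return "implement_different_network_security_policy"


def user_compliance_actions(status):
    """Claim 4: a per-user action for each non-compliant user, graded by worst finding."""
    actions = {}
    for user, s in status.items():
        if s.compliant:
            continue
        major = any(sev == "major" for _, sev in s.findings)
        actions[user] = "major_violation_notice" if major else "minor_violation_notice"
    return actions


if __name__ == "__main__":
    status = monitor_user_compliance(SAMPLE_ACTIVITY)
    value = compliance_value(status)
    print(f"compliance value {value:.3f}; network action: {policy_compliance_action(value, 0.9)}")
    for user, action in user_compliance_actions(status).items():
        print(f"{user}: {action} {status[user].findings}")
```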
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Policy Training 
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Policy recommendation questions

Participate in group policy discussions

Pause the program to:

Review policy recommendations and statistics from previous sessions

Request additional information on a topic or subject presented during the previous session

Technical product support
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Room 






Policy Feedback

Alvin: No changes

Josh: No changes

William: > I hate getting an approval to download software. I want that section changed.

Facilitator: > Does the group think about downloading software and approvals?

Josh: > Have the company make a list of approved software to download... Would that help you, Will? Or do you want the option to download anything?

William: > I could live with a list, as long as I can email someone to approve of the software I want to have downloaded.
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Writing the Policy 



Suggested Policy: To comply with laws governing software protection from piracy, employees must not:

• Make copies of any software unless explicitly authorized.

• Exchange, trade or transfer copies of any software to others in cyberspace.

• Download copies of software that normally would have to be purchased.

• Purchase any software from the Internet without prior approval.

If you encounter pirated software or suspect software may have been pirated, notify the system administrator immediately and distance yourself from the real or suspected illegal activity.

Facilitator: If I am correct, you want this section added to the policy?

Add >>> All software downloads can be approved by the system administrator. The user needs to email the system administrator to get approval for downloading the software.
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Vote on a Policy 
Recommendation 



To comply with laws governing software protection from piracy, employees must not:

• Make copies of any software unless explicitly authorized.

• Exchange, trade or transfer copies of any software to others in cyberspace.

• Download copies of software that normally would have to be purchased.

• All software downloads can be approved by the system administrator. All network users need to email the system administrator to get approval before downloading the software.

• Purchase any software from the Internet without prior approval.

If you encounter pirated software or suspect software may have been pirated, notify the system administrator immediately and distance yourself from the real or suspected illegal activity.

Do you agree or disagree with the policy?
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Fig. 23 



Policy Consensus 



To comply with laws governing software protection from piracy, employees must not:

• Make copies of any software unless explicitly authorized.

• Exchange, trade or transfer copies of any software to others in cyberspace.

• Download copies of software that normally would have to be purchased.

• All software downloads can be approved by the system administrator. All network users need to email the system administrator to get approval before downloading the software.

• Purchase any software from the Internet without prior approval.

If you encounter pirated software or suspect software may have been pirated, notify the system administrator immediately and distance yourself from the real or suspected illegal activity.
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Policy Training 

Main Menu 



Start Policy Exam 

Review Policy Training Materials 

End Session 
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Fig. 25 



Policy Training Exam 



What is spam? 

A slang term for an electronic contract 

A luncheon meat 

A slang term for junk e-mail 

A term used for downloading files from the web 
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Training Feedback Form 



Was the subject pertinent to your needs and interests? 
No To some extent 

Very Much So 

Excellent   Satisfactory   Dissatisfactory
Adequacy of Course Content 
Length of Course 
Adequacy of Course Materials 
Adequacy of Learning Experience 
Adequacy of Facilities 

If any factor is rated "unsatisfactory", please provide explanation: 
What was of least value to you in this seminar? 

What was of most value to you in this seminar? 

How will you apply this learning back on the job? 

Would you recommend this course for other individuals/teams? 
Yes No 
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Fig. 27 
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Acceptable Use 
Agreement 

This agreement is between the employee and _____.

The user agrees to the following: 

1 . All information stored on the company system is for educational, 
instructional or administrative purposes. All data stored on the company 
computer will be suitable for all audiences and shall not violate personnel 
privacy. 

2. Use of the computer system for commercial purposes is prohibited. 

3. User accounts which are issued for the purpose of making the organizational (county, program, etc.) Web site will have a designated primary user who is responsible for controlling access to the account. The primary user will not share his/her login ID and password with anyone outside the organizational unit, and will change the password regularly.

4. The company server(s) system is an electronic community. Users are community members and as such must be considerate of other users. Thus, users will attend to their own files and directories and leave others alone. Users shall inform the system administrator, or the Manager, if a problem arises with your account or the server(s).

5. Users will be good stewards of the electronic environment and will not 
waste space, computing power or other user's time. 

6. Because this is an educational community, there are many children who have access to materials on the system. Users have a responsibility to ensure a nurturing environment for our children. Consequently, users will neither store nor transmit obscene, abusive or otherwise objectionable material on the system. Such actions will result in prompt termination of system privileges.

7. The company reserves the right to review any material stored on the system and will remove any material which it believes violates any element of this agreement.
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Acceptable Use 
Agreement 



CONTINUE 

8. The company operates a reliable and effective computing environment and network; however, the company does not warrant that the system will meet any specific user requirement or that the system will be error free or uninterrupted. The company shall not be liable for any direct or indirect, incidental or consequential damages sustained or incurred in connection with the use or inability to use the company system.

User Signature 



Date: 



Manager: 



Internet e-mail address: 



Click icons to accept or decline the terms of the Acceptable Use Policy. 



Accept   Decline
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The End 



Thank you for participating in the policy training program.
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User Profile 






Name:

Employee Number: 
Email Address: 
Surface Mail Address: 

Employment status (i.e. temp, contract, virtual): 

Organizational/reporting chart : 

Title: 

Department/Unit Title: 
Branch/Division: 
Mail Address: 



USER PROFILE REPORTS 

User's Employment Agreements and other contracts: 

Policy Trainin g and Exam status: 

Policy Compliance History 

Network Activity History 

Special Network Access or Privileges

Email storage allocation

Document access level

User access including failed login attempts

All attempts to launch privileged applications

Any changes to system configuration parameters

Software downloads from the Internet

Software usage

Hardware usage

Software present on a user's workstation

User's system access and security status

Identify need for upgrades

Identify need for training
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Software Compliance 



REPORTS 

User access including failed login attempts

All attempts to launch privileged applications

Any changes to system configuration parameters

Software downloads from the Internet

Software usage

Hardware usage

Location of software

Location of software license agreements

Type of software agreements

Coordination of software license agreements with software utilization

Provide statistical and graphical justification for software purchases, upgrades and maintenance expense

Software installations

Software compliance

Appropriateness, inappropriateness and excessive use of software and hardware resources throughout the enterprise

Number of people waiting for access to software application(s)

Access time

Value of software being used at any time

Identify need for upgrades

Identify need for training

Projections for hardware, software and licensing costs/usage throughout the enterprise

Predict hardware demand

Re-route software and hardware as indicated

Personally installed or permitted software installation

Utilization of system resources

Identify potential policy infringements

Identify system trends per department use

Allocation of related costs to department
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Audit 



To: PolAdm@Virt.com

From: Sys@virt.com

RE: Audit Reminder

Branch Location: Minneapolis

Time: 11:20 a.m.

Date: May 20, 1998

CC: Policyeffect@virt.com, PolAdm@virt.com, Lan@virt.com

Audit Results

Violations:

Discrepancies:

Click on the report icon to complete the policy violation report.

Report
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Network Policy Compliance Notice 



Reference Number: 985h34

Posted-Date: Mon, 20 May 1998 16:17:36 -0500 (CDT)

To: Jane Doe@virt.com

From: PolicyAdm@virt.com

Subject: Violation Notice



Network Non-Compliance Notice 



Name: 

Email Address: 
Title: 

Department/Unit Title: 
Branch/Division: 
Mail Address: 
Violation: 

Violation History: (hyperlink) 
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Network Compliance 
Action Notice 



The policy advisor has taken the potential violation into advisement and 
has determined the following procedures: 



This is a Level 2 violation



Follow the prompts to complete the violation reporting process for this 
level 2 violation. 

Click Start to begin the violation reporting process.
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Policy Compliance Report Form 



Violator's Name:

Email address:

Title:

Department:

Mail Station:

Violation: [ ] Minor Violation   [ ] Major Violation

Type of Violation: (choose from drop down box)

Branch Location:

Date of Occurrence:

Date of report:

Official reporting the incident:

Policy Administrator:

Additional details:

Ok   Reset   Cancel
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Policy Knowledge Query 



Name:

Violation: [ ] Minor Violation   [ ] Major Violation

Type of Violation: (choose from drop down box)

Branch Location:

Date:

Policy Administrator:

Additional details:

Search   Reset   Cancel

USER HELP: Click icon for more information on how to respond to a violation report.
Policy Compliance Report Form

Violator's Name:
Email address:
Title:
Department:
Mail Station:
Violation: [ ] Minor Violation [ ] Major Violation
Type of Violation: (choose from drop down box)
Branch Location:
Date of Occurrence:
Date of report:
Official reporting the incident:
Policy Administrator:
Additional details:

[Ok] [Reset] [Cancel]
Fig. 42

Policy Violation Code and Report

The claim you submitted has been assigned 985h34 as its reference code.

Encrypted email and surface mail copies of the policy violation claim
report have been sent to:

• Jane Doe
• John Smith in Human Resources
• System Policy Administrator
• Virtual Workspace, LLC - a third party policy organization

[PRINT] [EXIT]
System Violation Notice
Email and Snail Mail Notice

Name: Jane Doe
User Profile: (Review Profile from drop down menu)
Violation Type: Sent an email with confidential file attachment
Violation level: Level 2
Branch Location: Minneapolis
Time: 11:20 a.m.
Date: May 20, 1998
CC: Jsmith@Virt.com
    PolAdm@Virt.com
    Policy@virtualworkspace.com
File Attachments: Scheduling and violation report

The system indicates you have violated a virtual policy. Attached is a policy
violation claim report for your review.

We will need your assistance to investigate the claim to determine if it is indeed
accurate and if it warrants further discussion. Please follow the procedures
below:

• Review the attached policy violation claim report
• Review your User's Violation History file at http://www.uservi.com.
• Indicate any discrepancies in any of the reports
• Indicate your availability for an in-person follow up meeting

For further information click the User icon.

All report and investigation information is automatically recorded in the system.
Thank you for your cooperation.
Subsequent Action Report

Name: Jane Doe
Violation level: Level 2
Branch Location: Minneapolis
Time: 11:20 a.m.
Date: May 20, 1998
CC: Jsmith@Virt.com
    PolAdm@Virt.com
    Policy@virtualworkspace.com
File Attachments: Subsequent Action Report

Following the violation meeting, Human Resources and the user are
required to file a subsequent meeting report to verify their attendance
at the meeting.

The report can be accessed by clicking the Report icon.

If you have any additional questions or concerns, you may contact the
Policy Administrator via email: PolAdm@Virt.com or by calling 555-1212.

If you do not agree with the outcome of the meeting, you may file for
an appeal. To begin the appeal process, click on the Appeal icon.
The Appeal Process

The Appeal Process grants the user due process, including the
opportunity to respond to an alleged violation in writing. The user is
given the option to choose an appeal facilitator from the organization.

The chosen facilitator is emailed and granted security and read-only
access to the user's file. The facilitator is automatically copied on all
appeal process communications. The system records all communications
and written activity.

Internal officers are automatically prompted and sent a notice to
schedule the appeal meeting with the new facilitator. The process is
reported, stored, and tracked in the policy effectiveness module.

The appeal report is automatically sent to:

• Policy Effectiveness
• The policy officer and the user via email
• The policy officer and the user via snail mail

The user is automatically sent information to inform him of his rights.
To access further information, click on the Appeal icon.
Policy Effectiveness Reports
Compliance Reports

Enter access code:
Enter hardware token:

Choose report(s) to review:
• User/User profiles
• Network nodes
• Department
• Division
• Branch
• Application
• Time duration

Timeframe based on:
• Historical and statistical reports
• Current
• Year-to-date
• Custom time frames
• Other
Policy Effectiveness Reports
Enterprise-Wide Reports

Enter access code:
Enter hardware token:

Choose report(s) to review:
• Policy compliance reports
• Risk assessment
• Strengths and weaknesses in policy compliance and non-compliance
• Email compliance reports
• Software compliance reporting
• Patterns, statistics and assessment of policy violations and non-compliance
• System backup reports
• Document tracking reports
• Audit and reconciliation reports
Policy Effectiveness Action

Name: SystemAdm@Virt.com
Violation level: Level 2
Branch Location: Minneapolis
Time: 11:20 a.m.
Date: May 20, 1998
CC: Network@Virt.com
    Policy@virtualworkspace.com
File Attachments: Policy Effectiveness Action Report

Policy Effectiveness has implemented a policy change for personal email
usage.

The new policy set the daily personal email usage at 35 messages vs. the
previous 30 message limit. The personal email policy can be accessed at
http://www.policy/personalemail.com
Policy Resources

• Policy Reference Library
• Legal Research
• The Virtual Policy Manual
• Policy Basics
• Software Resources including software listings and updates
• Software Registration
• Tech and User Support

Navigation: [<] [>] [MENU] [END] [PRINT] [EXIT]
INTERNATIONAL SEARCH REPORT

International Application No: PCT/US 99/13998

A. CLASSIFICATION OF SUBJECT MATTER
IPC 6 H04L29/06 H04L12/22
According to International Patent Classification (IPC) or to both national classification and IPC

B. FIELDS SEARCHED
Minimum documentation searched (classification system followed by classification symbols):
IPC 6 H04L G06F
Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched:
Electronic data base consulted during the international search (name of data base and, where practical, search terms used):

C. DOCUMENTS CONSIDERED TO BE RELEVANT

Citation of document, with indication, where appropriate, of the relevant passages; relevant to claim No.

US 5 603 054 A (GOLDSTEIN RICHARD J ET AL) 11 February 1997 (1997-02-11)
  column 11, line 28-60
  column 14, line 25-37
  Relevant to claim No.: 1,4,11,12; 2,3,5-10

GRIMM R ET AL: "SECURITY POLICIES IN OSI-MANAGEMENT EXPERIENCES FROM THE DETEBERKOM PROJECT BMSEC"
  COMPUTER NETWORKS AND ISDN SYSTEMS, NL, NORTH HOLLAND PUBLISHING, AMSTERDAM,
  vol. 28, no. 4, page 499-511, XP000553075, ISSN: 0169-7552
  page 501, left-hand column, line 5 - page 509, left-hand column, line 20
  Relevant to claim No.: 1-12

[X] Further documents are listed in the continuation of box C.
[X] Patent family members are listed in annex.

* Special categories of cited documents:
"A" document defining the general state of the art which is not considered to be of particular relevance
"E" earlier document but published on or after the international filing date
"L" document which may throw doubts on priority claim(s) or which is cited to establish the publication date of another citation or other special reason (as specified)
"O" document referring to an oral disclosure, use, exhibition or other means
"P" document published prior to the international filing date but later than the priority date claimed
"T" later document published after the international filing date or priority date and not in conflict with the application but cited to understand the principle or theory underlying the invention
"X" document of particular relevance; the claimed invention cannot be considered novel or cannot be considered to involve an inventive step when the document is taken alone
"Y" document of particular relevance; the claimed invention cannot be considered to involve an inventive step when the document is combined with one or more other such documents, such combination being obvious to a person skilled in the art
"&" document member of the same patent family

Date of the actual completion of the international search: 16 November 1999
Date of mailing of the international search report: 26/11/1999

Name and mailing address of the ISA:
European Patent Office, P.B. 5818 Patentlaan 2
NL - 2280 HV Rijswijk
Tel. (+31-70) 340-2040, Tx. 31 651 epo nl,
Fax: (+31-70) 340-3016

Authorized officer: Lazaro Lopez, M.L.

Form PCT/ISA/210 (second sheet) (July 1992)

C. (Continuation) DOCUMENTS CONSIDERED TO BE RELEVANT

WO 93 11480 A (INTERGRAPH CORP) 10 June 1993 (1993-06-10)
  abstract
  page 5, line 14 - page 6, line 32
  page 8, line 30 - page 9, line 23
  page 11, line 3-15
  Relevant to claim No.: 1-12

Information on patent family members

Patent document cited in search report | Publication date | Patent family member(s) | Publication date
US 5603054                             | 11-02-1997       | US 5555376 A            | 10-09-1996
                                       |                  | US 5717955 A            | 10-02-1998
                                       |                  | US 5611050 A            | 11-03-1997
                                       |                  | US 5544321 A            | 06-08-1996
WO 9311480 A                           | 10-06-1993       | US 5579222 A            | 26-11-1996